PGP Whole Disk Encryption

The goal of this page is to provide you with all the information and resources necessary to get started using PGP Whole Disk Encryption at IU. That said, this may require a certain amount of technical expertise — especially if you are encrypting an existing system that contains necessary working data.

Consulting with your LSP or other IT support personnel before proceeding is highly recommended. Your campus Support Center can assist you in determining who your LSP is if you are unsure.

What is PGP Whole Disk Encryption?

PGP Whole Disk Encryption (WDE) is a component of the PGP Desktop application. In addition to providing whole disk encryption, the default PGP Desktop installation available at Indiana University includes PGP Zip, PGP Virtual Disk, PGP Shredder, and management of PGP/GPG keys.

WDE encrypts the entire hard disk of your computer and requires a password before the operating system can boot. This layer of security prevents a third party from reading the contents of the disk by bypassing the normal boot process (e.g., booting from a Linux Live CD or Windows PE CD).

If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party. In some cases, an encrypted drive also alleviates the need for a breach notification to the public.

Once PGP Desktop is installed, you will need to provide your ADS credentials to get a valid license from IU's PGP server (pgpuniversal.iu.edu).

Note: The computer does not need to be joined to the ADS domain, and the passphrase you use for encryption does not have to be your ADS passphrase. Providing your credentials simply allows you to get a valid license from the server, and to create a valid PGP key pair.

If you forget your PGP passphrase, if a file has been encrypted with a key that becomes lost or corrupted, or if data has been encrypted by a user no longer with the university, the University Information Policy Office (UIPO) can assist with recovery. UIPO maintains the Whole Disk Encryption recovery tokens and an additional decryption key that can be used to decrypt data encrypted with the IU distribution of PGP Desktop. If this need arises, contact the UIPO at uipo@iu.edu. If your request meets the guidelines in IU policy IT-07 Privacy of Electronic Information and Information Technology Resources, as well as any other applicable IU policies, UIPO will contact you and explain how to proceed.

Why should I use PGP?

If you work with sensitive data, UITS strongly recommends that you use a whole disk encryption product, such as PGP WDE. If your computer containing sensitive data is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party.

As of July 2006, unauthorized data disclosures/breaches can carry criminal penalties in the State of Indiana, including fines and jail time. In most cases, an encrypted drive alleviates the need for a breach notification to the public, or to the State Attorney General.